Cascading Data Breaches

by Brent Kirkpatrick

(Date Published: 2/2/2018.)

Data breaches can cascade for months in a series of intrusions that are nearly indistinguishable.

If you think of a data breach as a single isolated incident, you have the wrong problem in mind. In order to plan a strategic breach response, we need to understand what actually happens during a data breach.

When a breach is discovered, it is because hackers broke through the defenses and were able to copy data. This means they obtained administrative access. In the process, they may have modified data, changed configurations, or otherwise wormed their way deeper into the systems. Hackers do this in order to retain access after your team tries to clean up and block their access.

A data breach usually has cascading security breaches associated with it. The IT team discovers the original breach and fixes some obvious vulnerabilities. Everyone hopes that the hackers are blocked from accessing the systems. However, the hackers have usually entrenched their position, and they regain access. This usually happens several times in succession while the defensive team continues to patch vulnerabilities.

Data breaches can have cascading intrusions that continue for months. This entire time frame would be referred to as one incident. This happens even when there is only one hacker.